kubernetesapache-kafka

Kubernetes bitnami/kafka connecting failed


I tried to connect to my kafka server on my bearmetal kubernetes installation with default settings. Install with helm

helm install kafka oci://registry-1.docker.io/bitnamicharts/kafka -n kafka

client.properties:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
    username="user1" \
    password="$(kubectl get secret kafka-user-passwords --namespace kafka -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1);

Producer calls on kafka-client

kubectl exec --tty -i kafka-client --namespace kafka -- bash

kafka-console-producer.sh \
            --producer.config /tmp/client.properties \
            --bootstrap-server kafka.kafka.svc.cluster.local:9092 \
            --topic test

Error message

ERROR [Producer clientId=console-producer] Connection to node -1 (kafka.kafka.svc.cluster.local/10.103.15.48:9092) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient)

How can I solve this problem? Is user1 valid username ín this kafka installation?

I found user1 client ín https://github.com/bitnami/charts/blob/main/bitnami%2Fkafka%2Fvalues.yaml

Thanks for all suggestion!


Solution

  • Ok, I use plain Text auth for success test. I copied the output of this command to the client.properties:

    kubectl get secret kafka-user-passwords --namespace kafka -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1
    

    And the client.properties file looks like this:

    security.protocol=SASL_PLAINTEXT
    #sasl.mechanism=SCRAM-SHA-256
    sasl.mechanism=PLAIN
    sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user1" password="OUTPUT_OF_GET_SECRET";